#################################################################
#
#	MPD configuration file
#
# This file defines the configuration for mpd: what the
# bundles are, what the links are in those bundles, how
# the interface should be configured, various PPP parameters,
# etc. It contains commands just as you would type them
# in at the console. Lines without padding are labels. Lines
# starting with a "#" are comments.
#
# $Id: mpd.conf.sample,v 1.46 2009/04/29 11:04:17 amotin Exp $
#
#################################################################

startup:
	# configure mpd users
	set user admin a759 admin
	# configure the console
	set console self 127.0.0.1 5005
	set console open
	# configure the web server
	set web self 0.0.0.0 5006
	set web open

#
# Default configuration is "dialup"

default:
	load pppoe_server
	load pptp_server


pppoe_server:
#
# Multihomed multilink PPPoE server
#

# Create clonable bundle template
	create bundle template A
# Set IP addresses. Peer address will be later replaced by RADIUS.
#	set ipcp ranges 192.168.0.1/32 127.0.0.2/32
#	set ipcp ranges 192.168.1.1/24 192.168.2.1/24
	set ippool add pool0 10.10.12.51 10.10.12.101
	set ipcp ranges 10.10.12.1/24 ippool pool0
	set ipcp dns 10.111.112.1
	
# Create link template with common info
	create link template common pppoe
# Enable multilink protocol
	set link enable multilink
# Set bundle template to use
	set link action bundle A
# Enable peer authentication
	set link disable chap pap eap
	set link enable pap
	load radius
	set pppoe service "vkekdsl"

# Create templates for ifaces to listen using 'common' template and let them go
	create link template em1 common
	set link max-children 1000
	set pppoe iface em1
	set link enable incoming

#	create link template fxp1 common
#	set link max-children 500
#	set pppoe iface fxp1
#	set link enable incoming

pptp_server:
#
# Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
# machine running mpd is at 192.168.1.1, and also has an externally visible
# IP address of 1.2.3.4.
#
# We want to allow a client to connect to 1.2.3.4 from out on the Internet
# via PPTP.  We will assign that client the address 192.168.1.50 and proxy-ARP
# for that address, so the virtual PPP link will be numbered 192.168.1.1 local
# and 192.168.1.50 remote.  From the client machine's perspective, it will
# appear as if it is actually on the 192.168.1.0/24 network, even though in
# reality it is somewhere far away out on the Internet.
#
# Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
# If you don't have an NBNS server, leave that line out.
#

# Define dynamic IP address pool.
	set ippool add pool1 10.10.12.153 10.10.12.203

# Create clonable bundle template named B
	create bundle template D
	set iface enable proxy-arp
	set iface idle 1800
	set iface enable tcpmssfix
	set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
	set ipcp ranges 10.10.12.102/24 ippool pool1
	set ipcp dns 10.111.112.1
#	set ipcp nbns 192.168.1.4
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless

# Create clonable link template named L
	create link template L pptp
# Set bundle template to use
	set link action bundle D
# Multilink adds some overhead, but gives full 1500 MTU.
	set link enable multilink
#	set link disable multilink
	set link yes acfcomp protocomp
	set link no pap chap eap
	set link enable chap
# We can use use RADIUS authentication/accounting by including
# another config section with label 'radius'.
	load radius
	set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation.
	set link mtu 1460
# Configure PPTP
#        set pptp self 1.2.3.4
# Allow to accept calls
        set link enable incoming


radius:
# send accounting updates every 5 minutes
	set auth acct-update 300
# enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
	set auth enable radius-auth
# enable RADIUS accounting
	set auth enable radius-acct
#Limit the max. amount of concurrent logins with the same username. 
#If set to zero, then this feature is disabled. If CI argument is present login comparision will ba case insensitive.	
#	set auth max-logins num [CI]
	set auth max-logins 1
# You can use radius.conf(5), its useful, because you can share the
# same config with userland-ppp and other apps.
#	set radius config /etc/radius.conf
# or specify the server directly here
	set radius server 10.111.119.9 3gate3 1812 1813
	set radius retries 3
	set radius timeout 3
# send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
	set radius me 10.111.112.1

# protect our requests with the message-authenticator
	set radius enable message-authentic

